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REMARKS 

I. Introductory Comments. 

Claims 1, 3-9, and 11-31 are pending, and claims 1,9, 17, and 24 are independent claims. 
No claims have been canceled or amended. 

In the Office Action, claims 1, 3-9, and 1 1-31 were rejected under 35 U.S.C. § 103(a) as 
allegedly being unpatentable over Applicants' Background of the Invention, U.S. Patent 
Application Publication No. 2002/0138416 ("Applicants' Background"), in view of Kalyan (U.S. 
Patent No. 6,266,655), and in further view of Norton (U.S. Patent Application Publication No. 
2002/0091699). 

In view of the following arguments, all claims are believed to be in condition for 
allowance. Therefore, this response is believed to be a complete response to the Final Office 
Action. However, Applicants reserve the right to set forth further arguments supporting the 
patentability of their claims, including the separate patentability of the dependent claims not 
explicitly addressed herein, in future papers. 1 Further, for any instances in which the Examiner 
took Official Notice in the Office Action, Applicants expressly do not acquiesce to the taking of 
Official Notice, and respectfully request that the Examiner provide an affidavit to support the 
Official Notice taken in the next Office Action, as required by 37 CFR 1.104(d)(2) and MPEP § 
2144.03. 

II. Independent Claims 1, 9, 17, and 24 Are Patentable Over The Cited References. 

Independent claims 1,9, 17, and 24 were rejected under Section 103(a) as allegedly being 
unpatentable over Applicants' Background in combination with Kalyan and Norton. However, 
Applicants' Background is merely background information, and does not teach or suggest 
numerous recitations found in Applicants' claims, as discussed in detail below. In addition, there 

1. As Applicants' remarks with respect to the Examiner's rejections are sufficient to overcome these rejections, 
Applicants' silence as to assertions by the Examiner in the Office Action or certain requirements that may be 
applicable to such rejections (e.g., whether a reference constitutes prior art, motivation to combine references, 
assertions as to dependent claims, etc.) is not a concession by Applicants that such assertions are accurate or such 
requirements have been met, and Applicants reserve the right to analyze and dispute such assertions/requirements in 
the future. 
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is no teaching, suggestion, or motivation to combine Kalyan and Norton with Applicant's 
Background. 

A. Independent Claim 1 

1. "inventorying a plurality of assets of the organization, wherein each 
asset is defined to be one of an electronic asset type and a location 
asset type . . . and the location asset type includes physical locations 
where the electronic asset types are placed. " 

The Examiner alleged that the "Inventory and definition" section of Applicants' 
Background teaches the identified recitation of claim 1 . (Office Action, page 3.) Specifically, 
the Examiner stated that Applicant's Background teaches the identified recitations by teaching 
that "[i]n order to measure the theoretical impact of a risk, the organization determines its assets 
(e.g., electronic devices, electronically stored data, etc.) that are involved in support of critical 
processes." (Office Action, page 4.) 

However, the cited portions of Applicants' Background say nothing at all about how 
"each asset is defined to be one of an electronic asset type and a location asset type," as recited in 
claim 1. Applicants' Background merely states that "the organization determines its assets," and 
provides examples of assets, such that assets can be "electronic devices, electronically stored 
data, etc." (Applicants' Background: page 4, lines 1 1-13.) In addition, Applicants' Background 
fails to teach or suggest that "each asset is defined to be one of an electronic asset type and a 
location asset type." Further, the cited portions of Applicants' Background say nothing at all 
about how "the location asset type includes physical locations where the electronic asset types 
are placed." 

Applicants' Background mentions that "[t]here are a number of conventional automated 
tools which can assist the organization in accomplishing this phase of the process. These tools . . 
. are able to map network systems and devices and produce reports showing OS (operating 
system) type, revision level and the services that a system is making available to a network." 
(Applicants' Background: page 4, lines 17-23.) However, such tools cannot automatically 
determine an asset's location, let alone teach that "the location asset type includes physical 
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locations where the electronic asset types are placed," as recited in claim 1 . Therefore, for this 
reason alone, claim 1 is patentably distinct. 

2. "identifying at least one criterion defining a security objective of the 
organization. " 

The Examiner alleged that the "Vulnerability and threat evaluation" section of 
Applicants' Background teaches the identified recitation of claim 1 . (Office Action, page 4.) 
However, Applicants' Background not only fails to teach or suggest the identified recitation, but 
actually teaches away from "identifying at least one criterion defining a security objective of the 
organization." 

Applicants' Background fails to teach or suggest "identifying at least one criterion 
defining a security objective of the organization." Instead, Applicants' Background states that 
"[i]n this phase, the organization is examined for weaknesses that could be exploited by an 
unauthorized outsider, and the chances of an outsider attacking those weaknesses." (Applicants' 
Background: page 5, lines 1-3.) Thus, for this additional reason claim 1, is patentable over the 
cited references. 

3. "identifying one or more inventoried assets that relate to the 
identified criterion. " 

The Examiner alleged that Applicants' Background teaches the identified recitation by 
stating that "[o]nce assets have been identified, a value is assigned to each asset." (Office 
Action, page 4.) However, the cited portion is actually discussing steps performed after assets 
have been identified, and clearly fails to teach or suggest "identifying one or more inventoried 
assets that relate to the identified criterion," as recited in claim 1 . Further, assigning a value to 
an asset is clearly distinguishable from "identifying one or more inventoried assets that relate to 
the identified criterion." Specifically, Applicants' Background fails to teach or suggest 
"identifying one or more inventoried assets that relate to the identified criterion," as recited in 
claim 1 . 

The cited portion of Applicants' Background states "[o]nce assets have been identified, a 
value is assigned to each asset." (Applicants' Background: page 4, lines 13-14.) Applicants' 
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Background suggests assigning a value to a previously identified asset. However, the cited 
portions of Applicants' Background say nothing at all about "identifying at least one criterion 
defining a security objective of the organization," and thus clearly fail to teach or suggest 
"identifying one or more inventoried assets that relate to the identified criterion." Notably, the 
cited portion clearly says nothing at all about identifying an asset that relates to the identified 
criterion. Thus, for yet a further reason, claim 1 is in condition for allowance. 

4. "assessing the risk to the organization based on the measured values 
of the one or more metric equations. " 

Independent claim 1 further recites in part "assessing the risk to the organization based on 
the measured values of the one or more metric equations." The Examiner alleged that 
Applicants' Background teaches this recitation, and relied on the statement that "[o]nce risk has 
been assessed and identified, the organization can choose to accept the risk, mitigate the risk, or 
transfer the risk." (Office Action, page 4.) However, the cited portion is actually discussing an 
organization's options after assessing the risk, as opposed to "assessing the risk." Further, 
Applicants' Background states that "[t]his phase of the process allows an organization to 
evaluate the cost of the countermeasure versus the value of the asset to be protected by the 
countermeasure." (Applicants' Background: page 7, lines 21-23.) Thus, Applicants' 
Background clearly fails to teach or suggest "assessing the risk to the organization based on the 
measured values of the one or more metric equations." Thus, for yet this additional reason, 
claim 1 is patentable over the cited references. 
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5. "formulating one or more metric equations for each identified 
criterion . . . each metric equation being defined, in part, by the one 
or more identified assets, wherein each metric equation yields an 
outcome value when one or more measurements are made relating to 
the identified assets. " 

The Examiner admitted that Applicants' Background fails to teach or suggest the 
identified recitations, and cited Kalyan and Norton to compensate for the deficiencies of 
Applicants' Background. (Office Action, page 4.) The Examiner stated that "Kalyan discloses 
the formulating and solving of equations for identified criteria," and pointed to Kalyan' s Abstract 
and elements 43 and 44 of Figure 4. (Office Action, page 4.) Specifically, the Examiner stated 
that "Kalyan discloses the formulating and solving of equations for identified criteria utilizing a 
computer." (Office Action, page 4.) However, Kalyan is not directed to the subject matter of 
Applicants' Background or Applicants' claims, nor is the section cited by the Examiner relevant 
to the identified recitations. 

Kalyan is directed to developing a monetary value of resources for a manufacturer based 
on market demand, such as future uncertain demand for various products. For example, Kalyan 
states that the disclosure is directed to "[a] method of valuing resources of an asset intensive 
manufacturer." (Kalyan: Abstract.) More specifically, Kalyan is directed to "valuing resources 
used to manufacture products" (Kalyan: col. 1, lines 43-45). Kalyan states that "[a]n example of 
an asset intensive manufacturing is steel manufacturing." (Kalyan: col. 2, lines 49-50.) Further, 
Kalyan states "[v]alue management for asset intensive manufacturing is based on the following 
principle: Based on future uncertain demand for various products, expected prices for those 
products, and available capacities of resources during periods required to supply demand when 
demanded, a value for each resource during those periods can be calculated." (Kalyan: col. 2, 
lines 54-59.) "The calculation results in threshold prices, referred to as minimum acceptable 
values (MAVs) for a given demand period." (Kalyan: col. 2, lines 59-61, emphasis added.) 
Thus, Kalyan is wholly directed to valuing resources of a manufacturer, and has nothing to do 
with the subject matter in Applicants' Background or Applicants' claims. In addition, Kalyan 
clearly fails to teach or suggest the identified recitations. 
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The cited portions of Kalyan do not teach or suggest "formulating one or more metric 
equations for each identified criterion," as recited in claim 1 . Instead, Kalyan discloses valuing 
products and resources with one equation per resource, not per criterion. In Figure 4, Kalyan 
"illustrates how MAV [minimum acceptable values] equations are set up and solved." (Kalyan: 
col. 2, lines 20-23.) Figure 4 is a flow chart, where element 43 is the third process step and states 
"set up Nr equations each with only one variable, the corresponding A,," where X represents "the 
resource." (Kalyan: Figure 4; and col. 7, line 38.) Further, element 44 is the following process 
step and states "solve each equation using a binary tree to converge to a new A. for each 
equation." (Kalyan: Figure 4.) Kalyan fails to teach or suggest "formulating one or more metric 
equations for each identified criterion." To the contrary, Kalyan discloses valuing products and 
resources with one equation per resource, not per criterion. 

Claim 1 recites that "a criterion" relates to "a security objective of the organization." 
Clearly a resource that is used to manufacture a product is not, and cannot be equated with, "a 
criterion" that relates to "a security objective of [an] organization," as recited in claim 1 . 
Moreover, the differences between Kalyan and claim 1 can be seen in context, at least because 
the modeling in Kalyan is for the purpose of "valuing resources used to manufacture products" 
(e.g. Kalyan, col.l, lines 43-45), without regard to "at least one criterion defining a security 
objective of the organization." 

6. No Teaching or Suggestion to Combine Kalyan with Applicants' 
Background 

The Examiner summarily concluded that "it would have been obvious to one of ordinary 
skill in the art to incorporate the teachings of Norton into ABI and Kalyan to effectively manage 
access to the asset information." (Office Action, page 5.) However, there is no teaching or 
suggestion that would motivate one to combine Kalyan with Applicants' Background, as alleged 
by the Examiner. 

Kalyan is directed to a method of valuing resources of an asset intensive manufacturer by 
utilizing "a computer-implemented tool that implements a 'value-management' (VM) pricing 
method." (Kalyan: col. 2, lines 20-23.) Notably, Kalyan is directed to calculating the monetary 
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value of various resources during various periods by basing the value on certain principles, such 
as "future uncertain demand for various products, expected prices for those products, and 
available capacities of resources during periods required to supply demand when demanded." 
(Kalyan: col. 2, lines 54-59.) Applicants' Background, on the other hand, is directed to risk 
management, particularly for computer systems. Clearly, Kalyan is not directed to the recitations 
found in Applicants' claims because Kalyan is concerned with valuing assets based on 
conceptualized market conditions. Further, without using Applicants' claims as a road map, 
there is no teaching, suggestion, or motivation to combine Kalyan with Applicants' Background. 

Accordingly, for at least the foregoing reasons, claim 1, as well as claims 3-8 depending 
therefrom, are patentable over the cited references. In addition, Norton fails to compensate for 
the deficiencies of Applicants' Background and Kalyan. Therefore, claims 1 and 3-8 are in 
condition for allowance. 

B. Independent Claims 9, 17, and 24 Are Patentable Over The Cited References. 

1. "identify a plurality of assets of the organization, wherein each asset 
is defined to be one of an electronic asset type and a location asset 
type . . . and the location asset type includes physical locations where 
the electronic asset types are placed. " 

Although each independent claim includes differs in scope, the Examiner simply alleged 
that independent claims 9, 17, and 24 each "recites similar limitations to claim 1 and thus [are] 
rejected using the same art and rationale as in claim 1." (Office Action, pages 6 and 7.) 
Independent claims 9 and 17 each include the identified recitations. Independent claim 24 
recites in part "inventorying a plurality of assets of the organization, wherein each asset is 
defined to be one of an electronic asset type and a location asset type . . . and the location asset 
type includes physical locations where the electronic asset types are placed." 

As discussed above with respect to claim 1, the Examiner alleged that the "Inventory and 
definition" section of Applicants' Background teaches the identified recitations. (Office Action, 
page 4.) However, Applicants' Background clearly fails to teach or suggest that "each asset is 
defined to be one of an electronic asset type and a location asset type." In addition, the cited 
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portions of Applicants' Background say nothing at all about how "the location asset type 
includes physical locations where the electronic asset types are placed." 

2. "identify a plurality of criteria, each criterion defining a security 
objective of the organization. " 

Independent claim 9 includes the above-identified recitation. Independent claims 17 and 
24 each recites in part "identifying at least one criterion defining a security objective of the 
organization." The Examiner alleged that the "Vulnerability and threat evaluation" section of 
Applicants' Background teaches this recitation. (Office Action, page 4.) However, also as 
previously discussed regarding claim 1, Applicants' Background fails to teach or suggest the 
identified recitation. 

3. "identify a plurality of inventoried assets that relate to each 
identified criterion. " 

Independent claim 9 also includes the above-identified recitation. Independent claims 17 
and 24 each recites in part "identifying] one or more inventoried assets that relate to the 
identified criterion." The Examiner alleged that the "Inventory and definition" section of 
Applicants' Background teaches this recitation. (Office Action, page 4.) However, also as 
previously discussed regarding claim 1, Applicants' Background fails to teach or suggest 
"identifying] a plurality of inventoried assets that relate to each identified criterion." 

4. "formulatfingj one or more metric equations for each identified 
criterion. " 

Independent claims 9, 17, and 24 each recites in part "formulat[ing] one or more metric 
equations for each identified criterion." The Examiner admitted that Applicants' Background 
fails to teach or suggest this recitation, and cited Kalyan to compensate for the deficiencies of 
Applicants' Background. (Office Action, page 5.) As previously discussed regarding claim 1, 
however, the cited portions of Kalyan do not teach or suggest "formulat[ing] one or more metric 
equations for each identified criterion." In addition, there is no teaching, suggestion, or 
motivation to combine Kalyan with Applicants' Background. 
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Accordingly, for at least the foregoing reasons, independent claims 9, 17, and 24, as well 
the claims depending therefrom, are patentable over the cited references. Therefore, claims 9 
and 11-31 are in condition for allowance. 

III. Dependent Claims 4, 12, 19, and 27 Are Patentable Over The Cited References. 

"wherein the plurality of assets are defined to be one of a user type, a 
user population type, a data type and a network type in addition to the 
electronic type and the location type, wherein the user type relates to an 
individual user and the user population type relates to a group of users. " 

The Examiner alleged that the "Inventory and definition" section of Applicants' 
Background teaches the identified recitation. (Office Action, page 5.) However, the cited 
portions of Applicants' Background clearly fail to teach or suggest that "the plurality of assets 
are defined to be one of a user type, a user population type, a data type, and a network type." In 
fact, Applicants' Background makes no mention of "a user type, a user population type, a data 
type, [or] a network type." 

Because Applicants' Background fails to teach or suggest the above-identified recitation, 
claims 4, 12, 19, and 27 are in condition for allowance. 

IV. Dependent Claims 5, 13, 20, and 28 Are Patentable Over The Cited References. 

"establishing] at least one relationship between the plurality of assets. " 

The Examiner admitted that Applicants' Background fails to disclose the identified 
recitation, and cited Norton to compensate for the acknowledged deficiency of Applicants' 
Background. (Office Action, page 5.) Specifically, the Examiner alleged that Norton teaches 
this recitation in Figure 8 and in paragraphs 85-90. (Office Action, page 5.) 

Norton is directed to "[a] system and method for managing asset information . . . [such as 
part of] a total asset management system." (Norton: Abstract.) The cited portions of Norton 
disclose a variety of "asset search options" that "enables a user not only to search for an asset, 
but also to view a range of detailed information about the selected asset." (Norton: page 4, 
85-87.) Norton further discloses that "[t]he Asset tab 70 displays detailed asset information for 
the asset selected," and that such information may include the asset's serial number, tracking 



17 



Application No. 1 0/032,6 1 0 Docket No.: 2007046 1 

Response to Non-Final Office Action dated May 19, 2009 
Reply to Non-Final Action dated February 19, 2009 

number, purchase order, manufacturer, model number, etc. (Norton: pages 4-5, 88-93.) 
Figure 8 of Norton is simply a screen shot of a website showing "an exemplary display resulting 
from the selection of the Option Tab." (Norton: page 2, ^| 36.) 

Norton clearly fails to teach or suggest "establishing at least one relationship between the 
plurality of assets." Therefore, claims 5, 13, 20, and 28 are patentable over the cited references, 
including Norton. 

V. Dependent Claims 6, 14, 21, And 29 Are Patentable Over The Cited References. 

"linkfingj a first asset defined to be in one asset type with a second asset 
defined to be in another asset type. " 

The Examiner stated that "[c]laims 6, 7, and 8 recite similar limitations to claim 5, and 
thus [are] rejected using the same art and rationale as in claim 5." (Office Action, page 5.) 
However, dependent claims 6, 14, 21, and 29 recite in part "link[ing] a first asset defined to be in 
one asset type with a second asset defined to be in another asset type." None of the cited 
references, including Norton, teach or suggest the identified recitation. 

As previously discussed, Norton discloses a variety of "asset search options" that allow a 
user to search for an asset, and view detailed information about a selected asset. (Norton: page 4, 

85-87.) Norton fails to teach or suggest "linking a first asset defined to be in one asset type 
with a second asset defined to be in another asset type." Therefore, claims 6, 14, 21, and 29 are 
patentable over the cited references, including Norton. 

VI. Dependent Claims 7, 15, 22, And 30 Are Patentable Over The Cited References. 

"link[ing] a first asset defined to be in one asset type with a second asset 
defined to be in the same asset type. " 

Again, the Examiner admitted that Applicants' Background fails disclose the identified 
recitation, and cited Norton to compensate for the acknowledged deficiency of Applicants' 
Background. (Office Action, page 5.) The Examiner alleged that Norton teaches this recitation 
on page 4 in paragraphs 85-90. (Office Action, page 5.) However, the cited portions of Norton 
say nothing at all about "linking a first asset defined to be in one asset type with a second asset 
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defined to be in the same asset type." Therefore, dependent claims 7, 15, 22, and 30 are in 
condition for allowance. 

CONCLUSION 

All rejections have been addressed. In view of the above, the presently pending claims 
are believed to be in condition for allowance. Accordingly, reconsideration and allowance are 
respectfully requested and the Examiner is respectfully requested to pass this application to issue. 
It is believed that any fees associated with the filing of this paper are identified in an 
accompanying transmittal. However, if any additional fees are required, they may be charged to 
Deposit Account 18-0013, under order number 65632-0525. To the extent necessary, a petition 
for extension of time under 37 C.F.R. 1.136(a) is hereby made, the fee for which should be 
charged against the aforementioned account. 
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